Date: Fri, 07 May 2004 02:18:46 +0200 From: Andre Oppermann <andre@freebsd.org> To: Julian Elischer <julian@elischer.org> Cc: freebsd-net@freebsd.org Subject: Re: Default behaviour of IP Options processing Message-ID: <409AD5E6.34E3D191@freebsd.org> References: <Pine.BSF.4.21.0405061702000.82978-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote: > > On Thu, 6 May 2004, Sam Leffler wrote: > > > > > For fine-grained selection packet filtering is the better solution. This is a > > simple, much lighterweight, mechanism that doesn't require touching every > > packet. > > I would only do the tests if the packet HAD an ip option.. > > either way I'm not going to scream about it.. > just my thoughts on the matter.. On a side note: Setting this sysctl to ignore does not prevent the host from generating or receiving packets with IP options on sockets. Only from adding to them when they come by. Rejecting such packets does not prevent you from sending them but certainly does from receiving them. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?409AD5E6.34E3D191>